tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
xfrm6: Properly handle unsupported protocols
We don't catch the case if an unsupported protocol is submitted
to the xfrm6 protocol handlers, this can lead to NULL pointer
dereferences. Fix this by adding the appropriate checks.
Fixes: 7e14ea15 ("xfrm6: Add IPsec protocol multiplexer")
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
+10
-1
+10
-1
net/ipv6/xfrm6_protocol.c
+10
-1
net/ipv6/xfrm6_protocol.c
···
50
50
{
51
51
int ret;
52
52
struct xfrm6_protocol *handler;
53
+
struct xfrm6_protocol __rcu **head = proto_handlers(protocol);
54
+
55
+
if (!head)
56
+
return 0;
53
57
54
58
for_each_protocol_rcu(*proto_handlers(protocol), handler)
55
59
if ((ret = handler->cb_handler(skb, err)) <= 0)
···
188
184
struct xfrm6_protocol __rcu **pprev;
189
185
struct xfrm6_protocol *t;
190
186
bool add_netproto = false;
191
-
192
187
int ret = -EEXIST;
193
188
int priority = handler->priority;
189
+
190
+
if (!proto_handlers(protocol) || !netproto(protocol))
191
+
return -EINVAL;
194
192
195
193
mutex_lock(&xfrm6_protocol_mutex);
196
194
···
235
229
struct xfrm6_protocol __rcu **pprev;
236
230
struct xfrm6_protocol *t;
237
231
int ret = -ENOENT;
232
+
233
+
if (!proto_handlers(protocol) || !netproto(protocol))
234
+
return -EINVAL;
238
235
239
236
mutex_lock(&xfrm6_protocol_mutex);
240
237